Day 13

Set Up A Password Manager

DAY 13: Set Up A Password Manager

Welcome to Day 13 of my 30 day security challenge, the month long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at snubsie.com, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30 here on Youtube.

Let's talk about password managers today. A password manager is software or an online service that stores all of your passwords in one place, and can also assist in generating or retrieving passwords whenever you need them. Think of it as a digital safe that is used to store all your secret passwords. This is a wonderful tool and highly recommended because not only are they super convenient in this day and age, but they're also crazy useful. Humans constantly have to remember so much, it's impossible to remember every single password, especially if you use good ones.

You might think "but wait! Using a password manager means you'd be putting trust in another company to keep them secure right?" Yeah, that's true in some cases, but not all. Password Managers come in various ways: Online services through a web portal, local software applications, even local hardware devices.

Any password manager you choose will require you to remember a unique master password to unlock the safe. Once it's unlocked, you gain access to all of those passwords stored inside of the safe. At this point you might be thinking "seriously? Another app to download? I can remember my passwords". Good luck with that, if you can remember them thats great... But a manager is built to help you create stronger passwords that you don't HAVE to remember. If you're using simple short passwords that don't have a mix of numbers, characters, symbols, and different cases, you might be a victim of bad passwords. If you're using passwords that someone else has access to, like ones that are found under your keyboard, ones you've texted to family, or ones taped to the side of your wifi router, you might be a victim of bad password management. If you use the same password or a slight variation of the same password across multiple sites, or if you share passwords with coworkers, friends or family, you might be a victim of weaknesses in your passwords. Any of these reasons are reason enough to use a password manager.

Vulnerabilities are a possibility with any apps or software, and we have seen some vulnerabilities pop up over time against password managers. In all of these cases, the companies were swift to fix issues and update their platforms. But because this is a possibility, overtime I have stored over 100 passwords in a password manager, all with randomly generated passwords that even I don't know, but decided to never store my banking, email, or social network accounts inside of them. This ensures that I have memorized about 10 different accounts that aren't written anywhere, all that use two factor authentication as well. These crucial 10 accounts are the backbone of my online existence, and as such, even if a password manager got hacked, the hacker wouldn't be able to get into my email, bank, or social networks because they wouldn't have those passwords. If the manager got hacked, an attacker would be able to get into sites that I shop at, test accounts, news site logins, etc. Yes it would still be a pain to go in and regain access to those accounts, but it wouldn't be as annoying as trying to keep all those passwords memorized. I'll talk more about two factor authentication and creating good passwords in the next couple of days.

Personally, I use LastPass and have been so for several years. It is an online service that has a mobile and browser app and it autofills sites that I visit. This means that when I go to thinkgeek.com for example, it'll recognize the website and fill in the username and password for me. That way I don't have to copy and paste the password each time from the LastPass app, it just does it for me which saves tons of time. It also has a password generation tool that can generate new passwords for me whenever I want. I don't have to memorize passwords anymore. Less stress, less to think about, more automation. WIN.

If you're not so keen on the idea of using an online service, and rightfully so (I AM sacrificing some security by trusting an online service), then you can use a local storage option instead. These don't offer the same convenience an online one does, but they are much more secure.

There are many options for password managers and some of my favs include LastPass, 1Password, KeePass, and Dashlane. Some are free or inexpensive, others cost some money for a license. Each of them offers great features and secure forms of saving your passwords.

Day 13 is now complete! Tomorrow is all about setting up new passwords! But first, make sure to subscribe on youtube and hit up snubsie.com for the downloadable checklist and to skip ahead on the 30 day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for day 14!